<?php
	/*
    TODO: 
    * Check for holes in the script.
    * Maybe use cookie instead of session, then allow deleting/editing of own post.
    * Need a login to authorise deletion/editing by admin user.
    * Make the posting to self so the one page does all the processing.
    */
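    session_start();

    // Per-session page-view counter.
    if (isset($_SESSION['views'])) {
        $_SESSION['views'] = $_SESSION['views'] + 1;
    } else {
        $_SESSION['views'] = 1;
    }
    $views = $_SESSION['views'];

    /* Has admin logged on? */
    // Only the two expected fields are read. extract($_POST) is deliberately not
    // used: it lets any POSTed key overwrite local variables such as $admin,
    // $page or $MID before the rest of the page runs.
    if (!empty($_POST['login'])) {
        $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        // NOTE(review): the credentials are hard-coded in a web-served file and
        // compared as plain text. Move them to configuration outside the document
        // root, store only a password_hash() digest, check it with
        // password_verify(), and rotate this password since it has lived in source.
        if ($user === "Winifred" && $password === "r1ng0ff1r3") {
            // Issue a fresh session id on privilege change so a pre-login id
            // cannot be reused as an admin session.
            session_regenerate_id(true);
            $_SESSION['admin'] = "1";
        }
    }

    /* Has admin logged out? */
    if (!empty($_POST['logout'])) {
        $_SESSION['admin'] = '0';
    }

    // $admin is always assigned here, and only from the session, so it can never
    // be inherited from request data (e.g. register_globals). It is computed after
    // the login/logout handling so it reflects the current request.
    $admin = (isset($_SESSION['admin']) && $_SESSION['admin'] === '1') ? "1" : "0";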
?>

<link href="default.css" rel="stylesheet" title="style" type="text/css" media="screen">
<script src="SpryAssets/SpryCollapsiblePanel.js" type="text/javascript"></script>
<link href="SpryAssets/SpryCollapsiblePanel.css" rel="stylesheet" type="text/css">

<title>Ana's Place - Guestbook</title><body>
<?php
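    // Pages start at 1 with the newest posts. The value is taken from the query
    // string and forced to an integer, so it is safe to echo and to use in
    // arithmetic further down the page.
    $page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
    if ($page < 1) $page = 1;
    $postsperpage = 10;
    include './data/phpfunctions.php';			// Passwords and functions for connecting to database stored externally.
    $db = getdb();
    $table = "anas_guestbook";					// Choose the table for this guestbook.

    // Deletion runs BEFORE the listing query: the original ran it afterwards and
    // stored its boolean return in $result, which broke the mysql_result() calls
    // that render the posts. Authorisation is taken from the session, never from a
    // request-supplied flag, and the id must be all digits before it is cast and
    // placed in the statement. "DELETE * FROM" is not valid MySQL; the statement
    // is "DELETE FROM".
    // NOTE(review): this is a state-changing request with no CSRF token. It is
    // limited to POST here; add a per-session token once the form that triggers it
    // is known.
    $isAdmin = isset($_SESSION['admin']) && $_SESSION['admin'] == '1';
    if (!empty($_POST['deletePost']) && $isAdmin
        && isset($_POST['MID']) && is_string($_POST['MID']) && ctype_digit($_POST['MID']))
    {
        $deleteQuery = "DELETE FROM " . $table . " WHERE MID = " . (int) $_POST['MID'];
        mysql_query($deleteQuery);
    }
    $deletePost = false;

    $query = "SELECT * FROM " . $table;
    $result = mysql_query($query);
    // mysql_query() returns false on failure; treat that as an empty guestbook.
    $num_posts = $result ? mysql_numrows($result) : 0; 		//The number of posts in the guestbook.
    // NOTE(review): dm() is defined in the include above. If it echoes, this puts
    // the query text into the page; confirm it is disabled in production.
    dm($query . " : "  . $result . "<br>");		// Debugging purposes only.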
    
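    /**
     * Number of pages needed to show every post, never less than 1.
     *
     * Reads the globals $num_posts and $postsperpage. Uses a ceiling division:
     * the previous "+1.5 then truncate" formula over-counted (5 posts at 10 per
     * page gave 2 pages, the second one empty).
     *
     * @return int
     */
    function getpages()
    {
        global $postsperpage, $num_posts;
        // An empty guestbook still has one (empty) page; also guards the division.
        if ($num_posts <= 0 || $postsperpage <= 0) return 1;
        return (int) ceil($num_posts / $postsperpage);
    }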
    
    /**
     * Has the guestbook been signed by this visitor?
     *
     * @return bool true when the session carries a 'signedGuestbook' entry.
     */
    function signed()
    {
        $hasSigned = isset($_SESSION['signedGuestbook']);
        return $hasSigned;
    }
    
    /**
     * Build the PREV / NEXT links for the current page.
     *
     * Reads the global $page and calls getpages(). The page numbers placed in
     * the links are cast to int before being concatenated into the markup.
     *
     * @return string HTML fragment; a single space when neither link applies.
     */
    function getguestnav()
    {
        global $page;

        $links = ' ';

        // A previous page exists for every page after the first.
        if ($page > 1) {
            $links .= ', <a href="guestbook.html?page=' . (int)($page - 1) . '">PREV</a> ';
        }

        // A next page exists while the current page is below the page count.
        if (getpages() > $page) {
            $links .= '- <a href="guestbook.html?page=' . (int)($page + 1) . '">NEXT</a> ';
        }

        return $links;
    }
    
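    /**
     * Given a date in the format 2007-12-21 returns DEC.
     *
     * The month is read from characters 5-6 of the string. A value that is too
     * short, or whose month is outside 1-12, yields an empty string instead of
     * an out-of-range array lookup.
     *
     * @param string $date
     * @return string three-letter upper-case month, or '' when it cannot be read.
     */
    function getmonth($date)
    {
        $months = array('JAN','FEB','MAR','APR','MAY','JUN','JUL','AUG','SEP','OCT','NOV','DEC');
        $month = (int) substr((string) $date, 5, 2);
        if ($month < 1 || $month > 12) return '';
        return $months[$month - 1];
    }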
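    /**
     * Given a date in the format 2007-12-21 returns 07.
     *
     * Returns characters 2-3 of the string. A value shorter than four
     * characters yields an empty string instead of reading past its end.
     *
     * @param string $date
     * @return string two-character year, or '' when the input is too short.
     */
    function getyear($date)
    {
        $date = (string) $date;
        if (strlen($date) < 4) return '';
        return $date[2] . $date[3];
    }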
?>

<div class="container" id="gb">
	<div class="top">
		<a href="index.html"><span>Ana's Place</span></a>
	</div>
	
	<div class="header"></div>
    <div class="main">
    	<div class="item" id="gb_top">
        	<div class="fakedate"></div>
            <div class="content" id="gb">
              	<h1>Guestbook</h1>
            	<div class="body">
               	  	<?php 
						// Visitors who have not signed get the form; a visitor who has just
						// signed gets a one-time thank-you, because the flag is cleared below.
						if(!signed())
						{
							echo getGuestbookForm();
						}
						else
						{
							echo '<h2>Thanks for signing!</h2>';
							// Left over from testing: clearing the flag lets the same session sign again.
							unset($_SESSION['signedGuestbook']);
						}
                    ?>
   			    </div>
       	  	</div> <!-- Close content -->
        </div><!-- Close Item -->
    	<?php
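            // $MID is a row offset into $result, walked from the newest post on this
            // page down to $LMID. The lower bound is MID - postsperpage + 1: the
            // original used MID - postsperpage, which printed eleven posts per page
            // and repeated the last one at the top of the next page.
            $MID = $num_posts - 1 - ((int) $page - 1) * $postsperpage;
            $LMID = $MID - $postsperpage + 1;
            if ($LMID < 0) $LMID = 0;

            // The admin controls are driven by the session, not by a variable that
            // request data could have set.
            $isAdmin = isset($_SESSION['admin']) && $_SESSION['admin'] == '1';

            while ($MID >= $LMID)
            {
                // Every field below was typed by a visitor. Escape it for HTML before
                // it is echoed so stored markup is displayed as text, not executed.
                // NOTE(review): assumes posts are stored unescaped and that the page
                // charset matches PHP's default; confirm both against the posting code.
                $title = htmlspecialchars(mysql_result($result,$MID,"title"), ENT_QUOTES);
                $msg = htmlspecialchars(mysql_result($result,$MID,"message"), ENT_QUOTES);
                $poster_name = htmlspecialchars(mysql_result($result,$MID,"poster"), ENT_QUOTES);
                $dateposted = mysql_result($result,$MID,"date");
                $home = htmlspecialchars(mysql_result($result,$MID,"nationality"), ENT_QUOTES);

                echo '<div class="item" id="' . (int) $MID . '">';
                $delLink = "";
                if($isAdmin)
                {
                    echo '<div class="fakedate"><div> <br></div><span>';
                    // NOTE(review): the link carries admin=1 in the query string, as the
                    // original did. Confirm guestbook-delete.php authorises from
                    // $_SESSION and ignores this parameter. Also confirm that the row
                    // offset sent as MID is the identifier that script expects.
                    $delLink = '<a href="guestbook-delete.php?admin=1&deletePost=1&MID=' . (int) $MID . '"> --Del? </a>';
                    echo $delLink . "</span></div>";
                } else {
                    echo '<div class="date"><div>' . htmlspecialchars(getmonth($dateposted), ENT_QUOTES)
                        . '</div><span>' . htmlspecialchars(getyear($dateposted), ENT_QUOTES) . '</span></div>';
                }
                echo '<div class="content" id="gb">';
                echo '<h1>' . $title . '</h1>';
                echo '<h2>Posted by ' . $poster_name . ' from ' . $home . '!</h2>';
                echo '<div class="body">';
                echo '<p>' . $msg . '</p></div></div></div>';
                $MID--;
            }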

		?>
        
        <div class="item" id="gb_bottom">
        	<div class="fakedate"></div>
            <div class="content" id="gb">
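   				<h1>Total Posts: <?php echo (int) $num_posts; ?>,   Viewing Page: <?php /* $page can come from the request, so it is printed as an integer only */ echo ((int) $page) . ' of ' . getpages(); echo getguestnav(); ?></h1>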
   				<?php
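                // Admin login form, shown to everyone who is not logged in as admin.
                // NOTE(review): neither form carries a CSRF token and the credentials
                // are posted to this same page; serve it over HTTPS only.
                $form = '<form action="" method="post" enctype="multipart/form-data" name="login" target="_self" id="login">
   				  <label>Username
   				  <input name="user" type="text" id="user" size="10">
   				  </label>
                                <label> Password
                                <input name="password" type="PASSWORD" id="password" size="10">
                  </label>
   				                <label>
   				                <input type="submit" name="login" id="login" value="Submit">
                  </label>
   				</form>';

                // isset() first: on a visitor's first request the session has no
                // 'admin' key, and reading it directly raises an undefined-index notice.
                $adminLoggedIn = isset($_SESSION['admin']) && $_SESSION['admin'] == "1";
                if($adminLoggedIn)
                {
                	$form2 = '<form action="" method="post" enctype="multipart/form-data" name="logout" target="_self" id="logout">
   				              <label><input type="submit" name="logout" id="logout" value="LOGOUT"></label></form>';
                    echo $form2;
                } else {
                	echo $form;
                }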
   				?><p>&nbsp;</p>
          </div>
        </div>
    </div><!-- Close Main -->
	<div class="navigation">
    	<?php /* Navigation markup; the include path is a fixed literal, not built from request data. */ include './nav.php'; ?>
    </div>
    <div class="clearer"><span></span></div>
    <div class="footer">
		<?php /* Footer markup; the include path is a fixed literal, not built from request data. */ include './footer.php'; ?>
	</div>
</div> <!-- Close container -->
</body>
<?php 
// The collapsible-panel script is emitted only while the visitor has not signed,
// i.e. on the requests where the signing form was printed instead of the thank-you.
if (signed() === false) {
	echo '<script type="text/javascript">
<!-- 
var CollapsiblePanel1 = new Spry.Widget.CollapsiblePanel("CollapsiblePanel1", {contentIsOpen:false}); 
//-->
</script>';
}
?> 